Commit Graph

68 Commits

Author SHA1 Message Date
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Koji Takeda 7c33096398 Support PBE_AES256_CBC and PBE_AES128_CBC cert encryption on wc_PKCS12_create() 2025-06-04 16:43:30 +09:00
Koji Takeda 3666851589 Support PBE_AES256_CBC and PBE_AES128_CBC key encryption on wc_PKCS12_create() 2025-05-19 22:26:46 +09:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
Daniel Pouzzner b544354306 wolfssl/wolfcrypt/wolfmath.h: don't include an MPI header if NO_BIG_INT is
defined, and issue a #error if no MPI backend gate is defined and NO_BIG_INT
   is not defined either.

configure.ac:
* add support for FIPS lean-aesgcm[-{ready,dev}].
* implement handler for --enable-sha256.
* move setup for WOLFSSL_FIPS_DEV and WOLFSSL_FIPS_READY into the applicable
    per-flavor sections.
* fix sensing of $ENABLED_AESGCM in FIPS setup clauses to pivot on `!= "no"`
    rather than `= "yes"`, to accommodate "4bit" and other non-"yes" values.
* fix SNI_DEFAULT to be "no" if $ENABLED_TLS = no.
* fix ENABLED_DHDEFAULTPARAMS default to be $ENABLED_DH rather than yes.

wc_encrypt.c: add missing gates in wc_CryptKey() for NO_SHA256.

wolfcrypt/test/test.c: gating fixes for NO_SHA256.

wolfcrypt/benchmark/benchmark.c: basic fixes for building/running with
  --disable-rng (-DWC_NO_RNG).

With the above additions and fixes, it's now a clean build, test, and benchmark,
  with --disable-sha256 --enable-cryptonly --disable-hashdrbg --disable-rng
  --disable-hmac, though RSA/DH/ECC benches are disabled.
2025-03-20 20:03:34 -05:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Daniel Pouzzner 88af1a2932 fixes for Coverity #394680, #394682, #394693, #394712. 2024-07-05 20:42:32 -05:00
Daniel Pouzzner b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
Sean Parkinson e1274013d8 AES: NO_AES_DECRYPT defined
Allow code to compile with NO_AES_DECRYPT with AES modes enabled and
disabled.
2024-05-14 16:27:36 +10:00
Daniel Pouzzner a4aef0e55d refinements from peer review for #6303. 2023-04-18 12:23:24 -05:00
Daniel Pouzzner 4b9302cdb3 another batch of -Wconversion fixes. 2023-04-18 12:23:24 -05:00
Sean Parkinson d1e4349661 MemZero check fixes
ForceZero the client and server secret regardless of whether TLS 1.3 as
it may change but have been copied in.
ForceZero the input buffer in wolfSSL_Clear() when encryption was on.

Changed wc_PRF_TLS to only check the parts of data used.
Changed where scatch is added for checking in wc_AesCtrEncrypt.
Change wc_MakeRsaKey to memset p, q, tmp1, tmp2 and tmp3 to all zeros so
that MemZero check works. Memset not needed otherwise.
Changes for new compiler - thinks uninitialized.
2023-03-23 12:27:38 +10:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
David Garske 77ffacf6d1 Fix for build error with SHA2-256 disabled. 2022-11-10 11:38:08 -08:00
Hayden Roche 3bf21b5a05 Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE.
We have users who need to debug errors coming out of libwolfssl in production,
where --enable-debug isn't an option. Our error queue implementation is the
solution, but our usage of WOLFSSL_ERROR isn't consistent. This commit greatly
expands our usage of WOLFSSL_ERROR. There are too many error cases to tackle
all at once, and not all error cases are particularly meaningful or likely to be
hit in regular operation of the library. I've tried to focus on errors that
users are likely to hit, and I've chosen to ignore things like the mountain of
BUFFER_E and BAD_FUNC_ARG cases (for the most part). I've also tried to expand
WOLFSSL_ERROR usage in files where we haven't been using it historically
(e.g. aes.c), so the pattern is now there for other developers to follow. In
order to prevent these additions from exploding the size of libwolfssl, they're
all behind a new macro, WOLFSSL_ERROR_VERBOSE. If WOLFSSL_VERBOSE_ERRORS is
defined, WOLFSSL_ERROR_VERBOSE just maps to WOLFSSL_ERROR.
2022-08-05 10:32:18 -07:00
Eric Blankenhorn ecdccb6180 Fix build error with WOLFSSL_AES_DIRECT 2022-08-03 09:09:28 -05:00
Eric Blankenhorn f713c75a73 Fix dead code warnings in evpCipherBlock and wc_CryptKey 2022-08-03 08:08:00 -05:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Sean Parkinson 1b29f7353a Check memory is zeroized
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.

wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.

Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
2022-06-16 10:22:32 +10:00
Sean Parkinson f1ce0cc95d Memory zeroization fixes
Zeroize secrets in stack buffers and allocated memory.
mp_forcezero to ensure private MP integers are zeroized.
Fix whitespace and add some comments.
2022-06-15 11:26:11 +10:00
David Garske 3fba5d17c3 Various portability improvements:
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
2022-03-17 14:00:55 -07:00
David Garske 56c562a516 Fixes for building with ./configure --enable-opensslextra --enable-cryptonly CFLAGS="-DNO_HMAC" && make. Found this testing a customers configuration with latest. Also fixes some trailing whitespace. 2022-02-07 15:10:21 -08:00
Marco Oliverio 2679c386ae wolfcrypt: wc_encrypt: add missing wc_AesFree() 2021-12-30 20:30:36 +01:00
toddouska 3ac03d3d66 Merge pull request #3805 from JacobBarthelmeh/copyright
update copyright date to 2021
2021-03-15 16:16:50 -07:00
Sean Parkinson a55e94cf6f ECCSI and SAKKE: add support
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Daniel Pouzzner a332cf36b5 add DYNAMIC_TYPE_AES and DYNAMIC_TYPE_CMAC to enum in types.h, and use these where appropriate;
in test.c: use use HEAP_HINT, not NULL in XMALLOC/XFREE calls;

fix a couple typos in aes_test() re WOLFSSL_ASYNC_CRYPT;

add various missing WOLFSSL_SMALL_STACK_STATIC qualifiers;

and streamline old smallstack refactor on-stack declarations declarations to use the much neater [1] construct.
2021-01-29 17:17:31 -06:00
Daniel Pouzzner 0f6ae330da wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table. 2021-01-28 22:51:28 -06:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
toddouska 931eea30f5 Merge pull request #3397 from cconlon/rc2
RC2 ECB/CBC and PKCS#12 Integration
2020-10-28 15:06:47 -07:00
John Safranek f5f883597e RSA PSS Fix
1. Change the utility function in wc_encrypt that returns the size of a
   hash to initialize the size to HASH_TYPE_E, like the other utility
   functions.
2. When getting the hash size returns an error, RSA-PSS verify inline
   should return a BAD_FUNC_ARG error.
2020-10-24 13:06:42 -07:00
Chris Conlon d4bbe529fb switch RC2 struct name to Rc2 for consistent camel case across algorithms 2020-10-16 15:19:47 -06:00
Chris Conlon 2c0f4b619e add RC2-40-CBC support to PKCS#12 parsing 2020-10-16 12:02:20 -06:00
John Safranek 7cbf496329 Encrypt key requirements check
The file wc_encrypt.c offers a function named wc_CryptKey(), which
requires PWDBASED and ASN. Added the check for ASN.
2020-04-21 10:21:58 -07:00
Sean Parkinson 55ea2facdd Changes to clear issues raised by cppcheck 2020-01-30 14:24:32 +10:00
JacobBarthelmeh 6b4551c012 Merge pull request #2654 from cariepointer/qt-512-513
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
Carie Pointer ef99086aee Fix valgrind errors 2020-01-10 10:08:39 -07:00
Carie Pointer b9c99709f7 Fixes from review 2020-01-08 12:48:01 -07:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
David Garske 24bfea1ad2 Fixes for various build options (!NO_RSA, HAVE_ECC, NO_PKCS8, NO_PKCS12). Added new NO_CHECK_PRIVATE_KEY to allow reduce code size when not required. 2019-08-20 10:38:08 -07:00
David Garske 5067d1fc10 Merge pull request #2328 from kaleb-himes/ZD-5373-TIRTOS
Updating for TI hardware offload with latest version of wolfSSL
2019-07-16 11:43:56 -07:00
kaleb-himes b8c6bc0d7f Changes following peer review, add defines to disable for any HW port 2019-07-08 16:28:35 -06:00
David Garske eba78cd87a Improvements for disabled sections in pwdbased.c, asn.c, rsa.c, pkcs12.c and wc_encrypt.c. Adds --enable-pkcs12, HAVE_PKCS12/NO_PKCS12, HAVE_PKCS8 / NO_PKCS8 and HAVE_PBKDF1 / NO_PBKDF1. 2019-07-02 09:35:46 -07:00
Martin Kinčl 3b544b8584 Fixed use of uninitialized value in wc_BufferKeyEncrypt. 2019-05-16 16:41:31 +02:00
Martin Kinčl 7a9d3db514 Fixed use of uninitialized value in wc_BufferKeyDecrypt. 2019-05-16 16:37:31 +02:00